Question:
Clark-Wilson focuses primarily on:
Response:
Confidentiality
Authentication
Accessibility
Address Integrity
Availability
What OSI Layer includes data encryption?
Application
Presentation
Network
Datalink
Transport
Which of the following is NOT a RAW authentication protocol?
EAP
LDAP
CHAP
PAP
Which of the following is primarily focused on identifying violations and incidents?
Compensating
Recovery
Detective
Preventative
Corrective
Match the following terms and definitions
Intended to discourage a potential attacker
Deterrent
Intended to avoid an incident from happening
Preventive
Fixes component or systems after an incident has occurred
Intended to bring the environment back to production levels
Identify an incident's activities
Alternate measures of control
Account administration, policies and standards, asset classification and reviews of audit trails are all examples of
Physical controls
Administrative controls
Both technical and administrative controls
Technical controls
Which of the following packet switched networks is best suited to support fully meshed VPNs?
ATM
SMDS
Frame Relay
SONET
MPLS
John's computer access changed with his reassignment to a new department. This is an example of:
Mandatory access control
Need-to-Know control
Access List Control
Role-based access control
Owner set access control
Which access control includes locked doors?
Technical
Physical
Organizational
Owner
Administrative
Which of the following is a remote authentication system?
SESAME
KERBEROS
TACACS
OpenVPN
Match the following examples to their definitions
Unpatched servers
Vulnerability
A virus that relies on unpatched code or OS levels
Threat
The likelihood a threat will be realized, the frequency of natural disasters
Risk
$1M per day of downtime
A proxy server
Countermeasure
How many levels are there in the latest (June 2013) OSI model?
6
5
7
10
8
Motion detectors, video cameras, fences, locked doors, guards and dogs are all examples of
Both Technical and Administrative controls
Which of the following is primarily focused on reducing risk?
Which access control includes training?